Memory Guard

What This Skill Does

Memory Guard by cassh100k is a critical security layer for OpenClaw agents designed to enforce memory integrity. It acts as a defensive perimeter for an agent's core identity files, specifically targeting MEMORY.md, HEARTBEAT.md, and SOUL.md. By utilizing SHA-256 hashing, the tool maintains a cryptographically signed registry of your files within a hidden directory. When executed, Memory Guard detects unauthorized modifications, injection attacks, and personality drift that could compromise an agent's decision-making capabilities. It also tracks provenance, ensuring that every memory entry contains a structured header detailing the agent, timestamp, confidence level, and rationale. By implementing a Three-Log pattern (actions.log, rejections.log, and handoffs.log), it provides a transparent audit trail of every interaction and modification event, moving the agent from a state of blind trust in its workspace to one of verified, cryptographic certainty.

Installation

To install Memory Guard, ensure you have the OpenClaw environment initialized. The most efficient method is using the clawhub registry. Run the following command in your terminal:

clawhub install openclaw/skills/skills/cassh100k/memory-guard

Alternatively, for manual installation, download the source code from the repository and place the memory-guard/ directory directly into your designated skills/ folder. Ensure your environment has read/write permissions for the workspace root to allow the script to generate the .memory-guard directory and update the hash registry.

Use Cases

1. High-Stakes Agent Operations: Ideal for agents managing long-running tasks where memory state persistence is vital. Memory Guard prevents external processes or buggy scripts from overwriting core identity files.
2. Multi-Agent Environments: In scenarios where multiple agents share a workspace, Memory Guard prevents cross-agent contamination by flagging any file changes not authorized by the provenance stamps.
3. Compliance & Audit Logging: Useful for developers who need to demonstrate how their agent's memory has evolved over time, providing a verifiable record of why specific memory entries were created.

Example Prompts

1. "Memory Guard, perform a full audit of my workspace and generate a report on all file changes since yesterday."
2. "Memory Guard, please verify the integrity of SOUL.md and IDENTITY.md to ensure no unauthorized drift has occurred."
3. "Memory Guard, stamp the latest entry in MEMORY.md with a confidence level of 0.9 and add it to the provenance registry."

Tips & Limitations

• Continuous Monitoring: For maximum protection, configure memory-guard watch to run as a persistent background process or incorporate it into your HEARTBEAT.md cycle.
• Git Integration: Memory Guard works best when your workspace is a Git repository; it leverages git-log to attribute changes to specific commit authors.
• Limitations: Memory Guard is a reactive integrity monitor; it protects against unauthorized changes but cannot prevent a compromised agent from intentionally modifying its own files if the agent is already acting maliciously. Always pair with robust authentication protocols.